CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1101 CVE-2001-0980 Exec Code 2001-07-17 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
docview before 1.0-15 allows remote attackers to execute arbitrary commands via shell metacharacters that are processed when converting a man page to a web page.
1102 CVE-2001-0981 2001-08-31 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the "unix password sync" option enabled calls the passwd program without specifying the username of the user making the request, which could cause the server to change the password of a different user.
1103 CVE-2001-0982 Dir. Trav. 2001-07-23 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in IBM Tivoli WebSEAL Policy Director 3.01 through 3.7.1 allows remote attackers to read arbitrary files or directories via encoded .. (dot dot) sequences containing "%2e" strings.
1104 CVE-2001-0983 +Priv 2001-08-31 2016-10-18
4.6
None Local Low Not required Partial Partial Partial
UltraEdit uses weak encryption to record FTP passwords in the uedit32.ini file, which allows local users who can read the file to decrypt the passwords and gain privileges.
1105 CVE-2001-0984 2001-09-13 2017-12-20
4.6
None Local Low Not required Partial Partial Partial
Password Safe 1.7(1) leaves cleartext passwords in memory when a user copies the password to the clipboard and minimizes Password Safe with the "Clear the password when minimized" and "Lock password database on minimize and prompt on restore" options enabled, which could allow an attacker with access to the memory (e.g. an administrator) to read the passwords.
1106 CVE-2001-0985 Exec Code 2001-09-08 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote attackers to execute arbitrary commands via shell metacharacters in the "page" parameter.
1107 CVE-2001-0986 +Info 2001-09-14 2017-12-19
5.0
None Remote Low Not required Partial None None
SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.
1108 CVE-2001-0987 XSS 2001-07-22 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in CGIWrap before 3.7 allows remote attackers to execute arbitrary Javascript on other web clients by causing the Javascript to be inserted into error messages that are generated by CGIWrap.
1109 CVE-2001-0988 +Info 2001-07-23 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
Arkeia backup server 4.2.8-2 and earlier creates its database files with world-writable permissions, which could allow local users to overwrite the files or obtain sensitive information.
1110 CVE-2001-0989 Overflow +Priv 2001-07-23 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Buffer overflows in Pileup before 1.2 allows local users to gain root privileges via (1) long command line arguments, or (2) a long callsign.
1111 CVE-2001-0990 +Info 2001-09-04 2017-12-19
4.6
None Local Low Not required Partial Partial Partial
Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library.
1112 CVE-2001-0991 XSS 2001-07-24 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Proxomitron Naoko-4 BetaFour and earlier allows remote attackers to execute arbitrary script on other clients via an incorrect URL containing the malicious script, which is printed back in an error message.
1113 CVE-2001-0992 Exec Code 2001-09-05 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
shopplus.cgi in ShopPlus shopping cart allows remote attackers to execute arbitrary commands via shell metacharacters in the "file" parameter.
1114 CVE-2001-0993 DoS 2001-07-24 2017-10-10
2.1
None Local Low Not required None None Partial
sendmsg function in NetBSD 1.3 through 1.5 allows local users to cause a denial of service (kernel trap or panic) via a msghdr structure with a large msg_controllen length.
1115 CVE-2001-0994 DoS 2001-09-04 2017-12-19
5.0
None Remote Low Not required None None Partial
Marconi ForeThought 7.1 allows remote attackers to cause a denial of service by causing both telnet sessions to be locked via unusual input (e.g., from a port scanner), which prevents others from logging into the device.
1116 CVE-2001-0995 2001-08-31 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
PHProjekt before 2.4a allows remote attackers to perform actions as other PHProjekt users by modifying the ID number in an HTTP request to PHProjekt CGI programs.
1117 CVE-2001-0996 2001-09-02 2017-12-19
6.4
None Remote Low Not required None Partial Partial
POP3Lite before 0.2.4 does not properly quote a . (dot) in an email message, which could allow a remote attacker to append arbitrary text to the end of an email message, which could then be interpreted by various mail clients as valid POP server responses or other input that could cause clients to crash or otherwise behave unexpectedly.
1118 CVE-2001-0997 Exec Code 2001-09-11 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Textor Webmasters Ltd listrec.pl CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the TEMPLATE parameter.
1119 CVE-2001-0998 DoS 2001-09-24 2017-10-10
5.0
None Remote Low Not required None None Partial
IBM HACMP 4.4 allows remote attackers to cause a denial of service via a completed TCP connection to HACMP ports (e.g., using a port scan) that does not send additional data, which causes a failure in snmpd.
1120 CVE-2001-0999 2001-09-12 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Outlook Express 6.00 allows remote attackers to execute arbitrary script by embedding SCRIPT tags in a message whose MIME content type is text/plain, contrary to the expected behavior that text/plain messages will not run script.
1121 CVE-2001-1000 2001-09-07 2017-12-19
2.1
None Local Low Not required Partial None None
rlmadmin RADIUS management utility in Merit AAA Server 3.8M, 5.01, and possibly other versions, allows local users to read arbitrary files via a symlink attack on the rlmadmin.help file.
1122 CVE-2001-1002 Exec Code +Priv 2001-08-31 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
The default configuration of the DVI print filter (dvips) in Red Hat Linux 7.0 and earlier does not run dvips in secure mode when dvips is executed by lpd, which could allow remote attackers to gain privileges by printing a DVI file that contains malicious commands.
1123 CVE-2001-1003 +Priv 2001-08-31 2016-10-18
4.6
None Local Low Not required Partial Partial Partial
Respondus 1.1.2 for WebCT uses weak encryption to remember usernames and passwords, which allows local users who can read the WEBCT.SVR file to decrypt the passwords and gain additional privileges.
1124 CVE-2001-1004 XSS 2001-08-31 2008-09-05
5.0
None Remote Low Not required None Partial None
Cross-site scripting (CSS) vulnerability in gnut Gnutella client before 0.4.27 allows remote attackers to execute arbitrary script on other clients by sharing a file whose name contains the script tags.
1125 CVE-2001-1005 +Priv 2001-08-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses weak encryption to store the user password in a registry key, which allows attackers who have access to the registry key to decrypt the password and gain privileges.
1126 CVE-2001-1006 2001-08-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA does not encrypt sensitive files and relies solely on its password feature to restrict access, which allows an attacker to read the files using a different application.
1127 CVE-2001-1007 2001-08-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses a small keyspace for device keys and does not impose a delay when an incorrect key is entered, which allows attackers to more quickly guess the key via a brute force attack.
1128 CVE-2001-1008 2001-08-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Java Plugin 1.4 for JRE 1.3 executes signed applets even if the certificate is expired, which could allow remote attackers to conduct unauthorized activities via an applet that has been signed by an expired certificate.
1129 CVE-2001-1009 264 +Priv 2001-08-31 2011-02-16
10.0
None Remote Low Not required Complete Complete Complete
Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as part of a response to a LIST request.
1130 CVE-2001-1010 Dir. Trav. 2001-07-22 2017-10-10
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in pagecount CGI script in Sambar Server before 5.0 beta 5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) attack on the page parameter.
1131 CVE-2001-1011 +Priv 2001-07-25 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters.
1132 CVE-2001-1012 +Priv 2001-09-05 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
Vulnerability in screen before 3.9.10, related to a multi-attach error, allows local users to gain root privileges when there is a subdirectory under /tmp/screens/.
1133 CVE-2001-1013 2001-09-12 2017-12-19
5.0
None Remote Low Not required Partial None None
Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
1134 CVE-2001-1014 Exec Code 2001-09-15 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
eshop.pl in WebDiscount(e)shop allows remote attackers to execute arbitrary commands via shell metacharacters in the seite parameter.
1135 CVE-2001-1015 Overflow +Priv 2001-10-16 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in Snes9x 1.37, when installed setuid root, allows local users to gain root privileges via a long command line argument.
1136 CVE-2001-1016 2001-09-04 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
PGP Corporate Desktop before 7.1, Personal Security before 7.0.3, Freeware before 7.0.3, and E-Business Server before 7.1 does not properly display when invalid userID's are used to sign a message, which could allow an attacker to make the user believe that the document has been signed by a trusted third party by adding a second, invalid user ID to a key which has already been signed by the third party, aka the "PGPsdk Key Validity Vulnerability."
1137 CVE-2001-1017 +Priv 2001-09-04 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
rmuser utility in FreeBSD 4.2 and 4.3 creates a copy of the master.passwd file with world-readable permissions while updating the original file, which could allow local users to gain privileges by reading the copied file while rmuser is running, obtain the password hashes, and crack the passwords.
1138 CVE-2001-1018 2001-09-20 2017-12-19
5.0
None Remote Low Not required Partial None None
Lotus Domino web server 5.08 allows remote attackers to determine the internal IP address of the server when NAT is enabled via a GET request that contains a long sequence of / (slash) characters.
1139 CVE-2001-1019 Dir. Trav. 2001-09-08 2017-12-19
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in view_item CGI program in sglMerchant 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTML_FILE parameter.
1140 CVE-2001-1020 Exec Code 2001-09-05 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
edit_image.php in Vibechild Directory Manager before 0.91 allows remote attackers to execute arbitrary commands via shell metacharacters in the userfile_name parameter, which is sent unfiltered to the PHP passthru function.
1141 CVE-2001-1021 Exec Code Overflow 2001-07-26 2019-08-13
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in WS_FTP 2.02 allow remote attackers to execute arbitrary code via long arguments to (1) DELE, (2) MDTM, (3) MLST, (4) MKD, (5) RMD, (6) RNFR, (7) RNTO, (8) SIZE, (9) STAT, (10) XMKD, or (11) XRMD.
1142 CVE-2001-1022 Exec Code Bypass 2001-07-26 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command.
1143 CVE-2001-1023 2001-09-21 2017-12-19
5.0
None Remote Low Not required Partial None None
Xcache 2.1 allows remote attackers to determine the absolute path of web server documents by requesting a URL that is not cached by Xcache, which returns the full pathname in the Content-PageName header.
1144 CVE-2001-1024 Exec Code 2001-07-27 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
login.gas.bat and other CGI scripts in Entrust getAccess allow remote attackers to execute Java programs, and possibly arbitrary commands, by specifying an alternate -classpath argument.
1145 CVE-2001-1025 2001-08-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php.
1146 CVE-2001-1026 2001-07-09 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Trend Micro InterScan AppletTrap 2.0 does not properly filter URLs when they are modified in certain ways such as (1) using a double slash (//) instead of a single slash, (2) URL-encoded characters, (3) requesting the IP address instead of the domain name, or (4) using a leading 0 in an octet of an IP address.
1147 CVE-2001-1027 Exec Code Overflow 2001-08-31 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in WindowMaker (aka wmaker) 0.64 and earlier allows remote attackers to execute arbitrary code via a long window title.
1148 CVE-2001-1028 Overflow +Priv 2001-05-28 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in ultimate_source function of man 1.5 and earlier allows local users to gain privileges.
1149 CVE-2001-1029 Bypass 2001-09-20 2017-10-10
2.1
None Local Low Not required Partial None None
libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files.
1150 CVE-2001-1030 Bypass 2001-07-18 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.
Total number of vulnerabilities : 1677   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 (This Page)24 25 26 27 28 29 30 31 32 33 34
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.